Friday, 29 April 2016

Python for Network Engineers - Part 1

In this blog article we’re going to look at how to get
started learning Python as a Network Engineer.

We’ll look at some great resources to use to learn the
basics, some links to source network focused resources and steer in the right
direction for modules and packages which a network engineer will find useful.

This will also be the first blog in a series. In subsequent posts we are going to walk
through using Python and APIs to configure various devices such as Junos, Cisco
Nexus, F5, Arista and Palo Alto.

Why Python

There are many scripting languages out there such as
PowerShell, Perl and Ruby. So why choose
Python?

For me Python is very quick to pick up, is quite flexible,
there are lots of resources and examples out there and it’s just very easy to
write a short piece of code to do some powerful tasks.

Python is cross platform.
However many modules are hooked into Linux. If you to run your code on a Microsoft OS,
then perhaps PowerShell is the language for you. PowerShell’s advantage is in the modules that
help you work with MS products (ie IIS, SCOM, SharePoint etc.)

Also Puppet and Chef are both built on Ruby. So if you’re planning to heavily use these
tools then perhaps try Ruby as well / instead.

Python Basics

The first thing you’ll need to do is get to grips with the
basics of Python. I would recommend the
following resources:

1. https://www.codecademy.com/learn/python
- This starts from the very basics and easy for complete beginners to get started
with Python. Also it’s completely hands
on using a Python interpreter in the web browser.

2. https://developers.google.com/edu/python/?hl=en
– This comprises of a couple of youtube videos and some exercises. Again this starts as if you know very little
or no python. However it moves at a
faster pace. The exercises are the best
part as they will get you doing some very useful and powerful things with only
a small amount of code. For this you’ll
need to install python. I use a VM with
Ubuntu for this purpose.

The main aim for learning the basics will be to understand
how to:

Work with the various objects in Python (Strings, Integers, floats, Lists, tuples and Dictionaries)

Work with if/else/for loops and conditionals (and, in, not etc)

Loading in modules and creating your own modules

Understand classes and their attributes and functions. Even if you don’t create your own classes then you will use them all the time. So it will really help you understand Python if you learn about classes and objects.

Using the interactive prompt and the online help() and dir() functions. Dir() will list all the attributes and functions available in an object, so this is very valuable.

Once
you’re comfortable with the above then you’re only a step away from automating
all your network kit !!

Python Modules

When you first start off using Python then you’ll probably
spend a lot of time trying to find the right module for the task in hand. Or worse, try to write something that is
easily available in a module. To help
you out then here is a list of modules that I use:

requests – this module is
a HTTP client. I always use it for
talking to REST APIs as it very flexible and easy to use

json – JSON formatted data
looks the same as a dictionary object in Python. However when you read data from a REST
API or from a file it will be read as a string. This library will convert a string to a
dictionary object and vice versa.

yaml – I also use this for
loading string data into a dictionary.
I found sometimes where you have nested dictionaries inside
dictionaries or lists inside dictionaries the yaml module will interpret
all of it correctly, where the json library wouldn’t.

xmltodict – Converts xml
data into a dictionary.
Dictionaries are obviously easier to work with in Python so this
can be very useful.

ncclient – This module is
for working with NETCONF devices.
This makes it very easy to start working with Junos and Cisco Nexus
in particular. But also many other
vendors that have implemented NETCONF.

optparse – module to read
in arguments from a command line script.
There are many modules that do this, including sys.argv, but this
is just the first one I started using.

getpass – will allow an
interactive user to input a string without echoing what they type.

netaddr – This is what I
use for working with IP addresses. However
there is also ipaddr which was written by google, so I imagine this will
be a better module going forward.

MySQLdb – for writing /
reading from a MySQL database.
Again I’m sure there are multiple modules out there to achieve this
but this one works well for me

time – good for grabbing
the current date and/or time for logging and creating unique filenames

paramiko – this is the
most commonly used SSH client in Python

re – regular expression
matching. If you’re working with
Paramiko then this library will be invaluable to try to pick out the bits
of output you’re interested in.

Working with Network Devices

So I have mentioned Paramiko above. However for this series of blog posts I will
not look at Paramiko in detail. Using
SSH to automate is a failure in my book, as it is designed to be worked with
interactively by a human. Some people
veer towards this as that’s what they are used to working with, but when
writing code it is very messy. All the
latest software from all the vendors offers APIs so we will concentrate on
that. To summarise then when working
with network devices we can use the following methods:

Junos – Supports NETCONF
over SSH. You can basically send
set commands and get back XML data.
If you purchase Junos Space then this has a REST API. However I find the NETCONF interface
easier to use and it’s free with Junos.
Also Junos Space acts as a middle layer and actually uses NETCONF
to programme the Junos devices.

Cisco Nexus – Has a REST
API in 7.2 onwards. Before that
there is a very good NETCONF interface.
For both NX-API and NETCONF you can just send cli commands and get
back data in JSON or XML respectively.

Arista EOS – Has a REST
API. Again very easy to use as you
just send cli commands and get back JSON data.

F5 – Has a REST API in
version 11.5 onwards. Before that
there is a SOAP interface (if using this then F5 have a bigsuds python
module).

Palo Alto – Has a HTTP XML
API

FortiGate – You will need
to purchase FortiManager, but that will then give you a REST API.

From each API then we are either getting back XML or JSON
data. Either way we can easily load this
data into a dictionary object and start working with it very quickly and easily
with Python.

Network Specific Resources

Last of all then please see a few other network specific
resources out there which may be of some use: